From bef630ec1dd8a2af172c51f6d311189397895754 Mon Sep 17 00:00:00 2001 From: Antonio de la Rosa Date: Mon, 23 May 2016 15:41:44 +0200 Subject: [PATCH] Fixed horrible behaviour for get url and post parameters --- paramecio/citoplasma/generate_admin_class.py | 47 ++++++++++---------- paramecio/citoplasma/httputils.py | 34 +++++++------- paramecio/citoplasma/mtemplates.py | 2 +- paramecio/cromosoma/usermodel.py | 9 +++- paramecio/modules/admin/index.py | 26 ++++++----- 5 files changed, 64 insertions(+), 54 deletions(-) diff --git a/paramecio/citoplasma/generate_admin_class.py b/paramecio/citoplasma/generate_admin_class.py index 0048f77..0641d7e 100644 --- a/paramecio/citoplasma/generate_admin_class.py +++ b/paramecio/citoplasma/generate_admin_class.py @@ -49,11 +49,13 @@ class GenerateAdminClass: def show(self): - GetPostFiles.obtain_get() + getpostfiles=GetPostFiles() - GetPostFiles.get['op_admin']=GetPostFiles.get.get('op_admin', '0') + getpostfiles.obtain_get() - GetPostFiles.get['id']=GetPostFiles.get.get('id', '0') + getpostfiles.get['op_admin']=getpostfiles.get.get('op_admin', '0') + + getpostfiles.get['id']=getpostfiles.get.get('id', '0') if len(self.model.forms)==0: @@ -64,14 +66,14 @@ class GenerateAdminClass: for key_form in self.arr_fields_edit: edit_forms[key_form]=self.model.forms[key_form] - if GetPostFiles.get['op_admin']=='1': + if getpostfiles.get['op_admin']=='1': post=None title_edit=I18n.lang('common', 'add_new_item', 'Add new item') - if GetPostFiles.get['id']!='0': - post=self.model.select_a_row(GetPostFiles.get['id'], [], True) + if getpostfiles.get['id']!='0': + post=self.model.select_a_row(getpostfiles.get['id'], [], True) title_edit=I18n.lang('common', 'edit_new_item', 'Edit item') if post==None: 
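Review bot: In `show()`, the `id` read from the query string is passed to `self.model.select_a_row(...)` and to the template as `id=` without normalisation when `op_admin` is `'1'`. The `str(int(...))` coercion exists only in the `op_admin=='2'` branch of the next hunk. I would move that coercion to just after `getpostfiles.get['id']=getpostfiles.get.get('id', '0')`, so every branch sees a numeric string: `try: getpostfiles.get['id']=str(int(getpostfiles.get['id']))` followed by `except ValueError: getpostfiles.get['id']='0'`. Whether `select_a_row` validates its argument is not visible here, and the body of `show()` continues past this hunk.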
@@ -79,13 +81,13 @@ class GenerateAdminClass: form=show_form(post, edit_forms, self.t, False) - return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=GetPostFiles.get['id']) + return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=getpostfiles.get['id']) - elif GetPostFiles.get['op_admin']=='2': + elif getpostfiles.get['op_admin']=='2': - GetPostFiles.obtain_post() + getpostfiles.obtain_post() - #post=GetPostFiles.post + #post=getpostfiles.post self.model.reset_conditions() 
@@ -93,46 +95,45 @@ class GenerateAdminClass: try: - GetPostFiles.get['id']=str(int(GetPostFiles.get['id'])) + getpostfiles.get['id']=str(int(getpostfiles.get['id'])) except: - GetPostFiles.get['id']='0' + getpostfiles.get['id']='0' title_edit=I18n.lang('common', 'add_new_item', 'Add new item') - if GetPostFiles.get['id']!='0': + if getpostfiles.get['id']!='0': insert_row=self.model.update title_edit=I18n.lang('common', 'edit_new_item', 'Edit item') - self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [GetPostFiles.get['id']]] + self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [getpostfiles.get['id']]] - if insert_row(GetPostFiles.post): + if insert_row(getpostfiles.post): set_flash_message(I18n.lang('common', 'task_successful', 'Task successful')) redirect(self.url) else: - - form=show_form(GetPostFiles.post, edit_forms, self.t, True) - return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=GetPostFiles.get['id']) + form=show_form(getpostfiles.post, edit_forms, self.t, True) + return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=getpostfiles.get['id']) pass - elif GetPostFiles.get['op_admin']=='3': + elif getpostfiles.get['op_admin']=='3': - verified=GetPostFiles.get.get('verified', '0') + verified=getpostfiles.get.get('verified', '0') if verified=='1': - if GetPostFiles.get['id']!='0': - self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [GetPostFiles.get['id']]] + if getpostfiles.get['id']!='0': + self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [getpostfiles.get['id']]] self.model.delete() set_flash_message(I18n.lang('common', 'task_successful', 'Task successful')) redirect(self.url) else: - return self.t.load_template(self.template_verify_delete, url=self.url, 
item_id=GetPostFiles.get['id'], op_admin=3, verified=1) + return self.t.load_template(self.template_verify_delete, url=self.url, item_id=getpostfiles.get['id'], op_admin=3, verified=1) else: return self.t.load_template(self.template_admin, admin=self) diff --git a/paramecio/citoplasma/httputils.py b/paramecio/citoplasma/httputils.py index 1c79e6c..b6eff21 100644 --- a/paramecio/citoplasma/httputils.py +++ b/paramecio/citoplasma/httputils.py @@ -7,37 +7,38 @@ from paramecio.citoplasma.keyutils import create_key_encrypt class GetPostFiles: # Need this for obtain utf8 valid values - get={} - post={} + def __init__(self): - files={} + self.get={} + + self.post={} + + self.files={} - @staticmethod - def obtain_get(): + def obtain_get(self): - GetPostFiles.get={} + self.get={} - GetPostFiles.get=request.query.decode() + self.get=request.query.decode() - @staticmethod - def obtain_post(required_post=[]): + def obtain_post(self, required_post=[]): - GetPostFiles.post={} + self.post={} - GetPostFiles.post=request.forms.decode() + self.post=request.forms.decode() for post in required_post: - GetPostFiles.post[post]=GetPostFiles.post.get(post, '') + self.post[post]=self.post.get(post, '') s=get_session() if 'csrf_token' in s: - GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '') + self.post['csrf_token']=self.post.get('csrf_token', '') - if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="": + if self.post['csrf_token']!=s['csrf_token'] and self.post['csrf_token'].strip()!="": raise NameError('Error: you need a valid csrf_token') else: @@ -51,7 +52,6 @@ class GetPostFiles: #Check post_token - @staticmethod - def obtain_files(): + def obtain_files(self): - GetPostFiles.files=request.files + self.files=request.files diff --git a/paramecio/citoplasma/mtemplates.py b/paramecio/citoplasma/mtemplates.py index 6627b46..f761430 100644 --- a/paramecio/citoplasma/mtemplates.py +++ b/paramecio/citoplasma/mtemplates.py 
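Review bot: The `op_admin=='3'` branch calls `self.model.delete()` as soon as the query string carries `verified=1`, and nothing on this path calls `getpostfiles.obtain_post()`, which is the only place in this patch where `csrf_token` is compared. As written, the delete is a state change reachable through a plain GET link that a third-party page could make a logged-in admin follow. I would have the confirmation template submit a POST form and call `getpostfiles.obtain_post()` before `self.model.delete()`. The bare `except:` around the `int()` conversion earlier in the hunk should also be narrowed to `except ValueError:`, so unrelated errors are not silently turned into `id='0'`.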
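Review bot: The CSRF condition in `obtain_post` only raises when the submitted token is both different from the session token and non-empty, so a request that omits `csrf_token` or sends it blank passes the check. Dropping the second clause closes that gap: `if self.post['csrf_token']!=s['csrf_token']:`. A constant-time comparison such as `hmac.compare_digest` on the encoded values would be better still. The `else:` branch for a session without a token lies outside the hunk, so what happens there cannot be judged from here. The `required_post=[]` default is a shared mutable list; it is only iterated today, but `required_post=None` would be safer.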
@@ -316,7 +316,7 @@ class HeaderHTML: return message -def set_flash_message(self, message): +def set_flash_message(message): s=get_session() diff --git a/paramecio/cromosoma/usermodel.py b/paramecio/cromosoma/usermodel.py index bc71dc1..e8de9b4 100644 --- a/paramecio/cromosoma/usermodel.py +++ b/paramecio/cromosoma/usermodel.py @@ -88,9 +88,13 @@ class UserModel(WebModel): #GetPostFiles.obtain_get() #GetPostFiles.obtain_post() - get_id=GetPostFiles.get.get(self.name_field_id, '0') + getpostfiles=GetPostFiles() - post_id=GetPostFiles.post.get(self.name_field_id, '0') + getpostfiles.obtain_get() + + get_id=getpostfiles.get.get(self.name_field_id, '0') + + post_id=getpostfiles.post.get(self.name_field_id, '0') if get_id!='0': get_id=int(get_id) @@ -125,6 +129,7 @@ class UserModel(WebModel): self.conditions[1].append([dict_values[self.email_field]]) if get_id>0: + self.conditions[0]+=' AND '+self.name_field_id+'!=%s' self.conditions[1].append(get_id) diff --git a/paramecio/modules/admin/index.py b/paramecio/modules/admin/index.py index ad6ffb7..08f57ed 100644 --- a/paramecio/modules/admin/index.py +++ b/paramecio/modules/admin/index.py @@ -212,14 +212,16 @@ def login(): user_admin=UserAdmin(connection) - GetPostFiles.obtain_post() + getpostfiles=GetPostFiles() - GetPostFiles.post['username']=GetPostFiles.post.get('username', '') - GetPostFiles.post['password']=GetPostFiles.post.get('password', '') + getpostfiles.obtain_post() - username=user_admin.fields['username'].check(GetPostFiles.post['username']) + getpostfiles.post['username']=getpostfiles.post.get('username', '') + getpostfiles.post['password']=getpostfiles.post.get('password', '') - password=GetPostFiles.post['password'].strip() + username=user_admin.fields['username'].check(getpostfiles.post['username']) + + password=getpostfiles.post['password'].strip() user_admin.conditions=['WHERE username=%s', [username]] 
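Review bot: In the usermodel.py hunk, `post_id` is read from `getpostfiles.post`, but `obtain_post()` is never called on the new instance, so `post_id` is always `'0'`. Before this commit the class-level dict held whatever an earlier caller had loaded. If the uniqueness check relies on the posted id (its use is outside the hunk), either call `getpostfiles.obtain_post()` here or have the caller pass the values in. Separately, `get_id=int(get_id)` runs on the raw query value and raises `ValueError` for a non-numeric id, so I would guard it with `try:` / `except ValueError: get_id=0`. The enclosing method starts and ends outside this hunk.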
@@ -244,7 +246,7 @@ def login(): if s['lang']=='': s['lang']=I18n.default_lang - remember_login=GetPostFiles.post.get('remember_login', '0') + remember_login=getpostfiles.post.get('remember_login', '0') if remember_login=='1': @@ -277,6 +279,8 @@ def login(): @post('/'+config.admin_folder+'/register') def register(): + getpostfiles=GetPostFiles() + connection=WebModel.connection() user_admin=UserAdmin(connection) @@ -287,15 +291,15 @@ def register(): if c==0: - GetPostFiles.obtain_post() + getpostfiles.obtain_post() - GetPostFiles.post['privileges']=2 + getpostfiles.post['privileges']=2 user_admin.valid_fields=['username', 'email', 'password', 'privileges'] user_admin.create_forms() - if user_admin.insert(GetPostFiles.post, False): + if user_admin.insert(getpostfiles.post, False): error= {'error': 0} @@ -303,9 +307,9 @@ def register(): else: - user_admin.check_all_fields(GetPostFiles.post, False) + user_admin.check_all_fields(getpostfiles.post, False) - pass_values_to_form(GetPostFiles.post, user_admin.forms, yes_error=True) + pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True) error={'error': 1}
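Review bot: In `register()`, the `if c==0:` test and the later `user_admin.insert(getpostfiles.post, False)` with `privileges` forced to 2 are separate steps, so two concurrent requests on a fresh install could both pass the test and each create a privileged account. The query that computes `c` is outside the hunk, so this is inferred from the visible lines. I would run the count and the insert inside one transaction or lock. I would also add a comment above the check, such as `# Open only while no admin exists; first-run bootstrap`, to make the intent explicit for later maintainers.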